24 matches found
EUVD-2014-1816
Malware in sbrugna...
SUSE CVE-2014-1742
Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper...
Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
WebKit WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free
WebKit: Use-after-free in WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded CVE-2018-4197 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on the ASan build of the latest WebKit source on OSX. PoC:...
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
::selection, input:focus, .class0, ul::first-letter -webkit-column-count: 85; float: left; function jsfuzzer var fuzzervars = ; try / / var00034 = document.getSelection; catche try var00034.setPositionhtmlvar00003; var var00043 catche try / newvarvar00104:Element / var var00104 = htmlvar00013;...
Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
WebKit WebCore::RenderObject::previousSibling Use-After-Free
WebKit: use-after-free in WebCore::RenderObject::previousSibling CVE-2017-13798 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= .class9 column-span:...
WebKit: use-after-free in WebCore::RenderObject::previousSibling(CVE-2017-13798)
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. ASan log: ================================================================= ==732==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000089218 at pc 0x00010e8a4e...
WebKit: use-after-free in WebCore::RenderObject::previousSibling(CVE-2017-13798)
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. ASan log: ================================================================= ==732==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000089218 at pc 0x00010e8a4e...
WebKit - WebCore::RenderObject::previousSibling Use-After-Free Exploit
Exploit for multiple platform in category dos / poc .class9 column-span: all; function f document.execCommand"indent", false; var var00031 = window.getSelection.setBaseAndExtentsum,16,null,6; f; !-- ================================================================= ASan log:...
WebKit - 'WebCore::RenderObject::previousSibling' Use-After-Free
.class9 column-span: all; function f document.execCommand"indent", false; var var00031 = window.getSelection.setBaseAndExtentsum,16,null,6; f; !-- ================================================================= ASan log: =================================================================...
WebKit WebCore::RenderText::localCaretRect Out-Of-Bounds Read
WebKit: out-of-bounds read in WebCore::RenderText::localCaretRect CVE-2017-13785 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC: ================================================================= max-height: 0;...
WebKit - WebCore::RenderObject::previousSibling Use-After-Free
WebKit - WebCore::RenderObject::previousSibling Use-After-Free .class9 column-span: all; function f document.execCommand"indent", false; var var00031 = window.getSelection.setBaseAndExtentsum,16,null,6; f; !-- ================================================================= ASan log:...
WebKit: use-after-free in WebCore::RenderObject with accessibility enabled(CVE-2017-7046)
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that accessibility features need to be enabled in order to trigger this bug. On Safari on Mac this can be accomplished by opening the inspector simply opening the...
WebKit WebCore::RenderObject Use-After-Free
WebKit: use-after-free in WebCore::RenderObject with accessibility enabled CVE-2017-7046 There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. Note that accessibility features need to be enabled in order to trigger this bug. O...
WebKit - WebCore::RenderObject with Accessibility Enabled Use-After-Free Exploit
Exploit for multiple platform in category dos / poc link text-transform: lowercase; link::first-letter border-spacing: 1em; function go dt.appendChildlink; var s = link.style; s.setProperty"display", "table-column-group"; s.setProperty"-webkit-appearance", "menulist-button"; function eventhandler...
WebKit - 'WebCore::RenderObject' with Accessibility Enabled Use-After-Free
link text-transform: lowercase; link::first-letter border-spacing: 1em; function go dt.appendChildlink; var s = link.style; s.setProperty"display", "table-column-group"; s.setProperty"-webkit-appearance", "menulist-button"; function eventhandler dir.setAttribute"aria-labeledby", "meta";...
Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
CVE-2014-1742
Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper...
Design/Logic Flaw
Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper...